bundlewrap/bundles/nftables/items.py
Franziska Kunsmann 0101e0c92d
All checks were successful
kunsi/bundlewrap/pipeline/pr-main This commit looks good
kunsi/bundlewrap/pipeline/head This commit looks good
bundles/nftables: store rules in dedicated files instead of nftables.conf
2021-12-14 15:27:30 +01:00

56 lines
1.2 KiB
Python

if node.has_bundle('pacman'):
package = 'pkg_pacman:nftables'
else:
package = 'pkg_apt:nftables'
directories = {
# used by other bundles
'/etc/nftables-rules.d': {
'purge': True,
'triggers': {
'svc_systemd:nftables:reload',
},
},
}
files = {
'/etc/nftables.conf': {
'needs': {
'directory:/etc/nftables-rules.d',
},
'triggers': {
'svc_systemd:nftables:reload',
},
},
'/etc/systemd/system/nftables.service.d/bundlewrap.conf': {
'source': 'override.conf',
'triggers': {
'action:systemd-reload',
'svc_systemd:nftables:reload',
},
},
}
for ruleset, rules in node.metadata.get('nftables/rules', {}).items():
files[f'/etc/nftables-rules.d/{ruleset}'] = {
'source': 'rules-template',
'content_type': 'mako',
'context': {
'rules': rules,
},
'needed_by': {
'svc_systemd:nftables',
},
'triggers': {
'svc_systemd:nftables:reload',
},
}
svc_systemd = {
'nftables': {
'needs': {
'file:/etc/nftables.conf',
package,
},
},
}